search for: linuxpam

Hi. I'm one of the OpenSSH developers, and I've done some of the work on sshd's PAM interface recently. I've discovered some behaviour peculiar to LinuxPAM that I can't explain: changing the conversation function does not appear to work, even though the pam_set_item() call claims to succeed. The previous conversation function is still called. Background: the PAM API is a poor fit for the SSH protocol, so the conversation function needs to d...

All, I hate to ask what's going to boil down to a configuration issue (I think)... and before I start pouring through the code I'm hoping someone can just point out what's going on. Essentially, on a particular "flavor" of our redhat linux 8 boxes PAM always seems to be called/fail before any real authentication takes place. On other boxes, this is not the case. Normally

http://bugzilla.mindrot.org/show_bug.cgi?id=1165 Summary: 'groups' command fails on AIX when logged in as root user via SSH. Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: Miscellaneous

Hi, The Solaris password requirements like a. no empty password b. minimum 6 chars etc for a regualr user are not enforced when a password expired user is changing password at the SSH login prompt. The version of openSSH I am using is 3.8.1 and Solaris 8 is where the sshd is running. Is anybody aware of this problem? Is there some configuration option I can use to enforce these password

...d (current) UNIX password: New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully. Connection to localhost closed. (that logout and login again process is annoying) The error message received looks very similar to a problem Darren had with LinuxPAM back in 2004 about setting the conversation, but I can't find if this was ever resolved http://osdir.com/ml/pam/2004-06/msg00028.html Of course the RedHat provided OpenSSH3.6 package (with their gazillion patches) works just fine; allows the password to be changed and doesn't force a log...

Hello, We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a non-root user with PAM [pam-kerberos] then I get the following error. debug3: PAM: opening session debug1: PAM: reinitializing credentials PAM: pam_setcred(): Failure setting user credentials This is particularly for non-root users with PrivSep YES. When I connect to a root user with PrivSep YES or to a non-root

...ps() which was made via the following changeset which doesn't mention a bugID: https://anongit.mindrot.org/openssh.git/commit/platform.c?id=cc12418e18242ce1f61d7035da4956274ba13a96 The comment mentions initgroups(3C) wiping out supplementary groups which only applies in the Linux world if the LinuxPAM pam_group(8) module has been installed and configured which allows one to assign additional secondary groups to a user using /etc/security/group.conf in addition to /etc/group. Note that there is an OpenPAM PAM module of the same name, pam_group(8), which has different functionality, it performs a...

...implementor at http://www.openpam.org/errata.html If you like reading vague specs, try reading the original PAM DCE RFC. This vagueness contributed to one of the vulnerabilities mentioned. 3. Differences between vendors' implementations. Solaris PAM passes message arguments differently to LinuxPAM and OpenPAM. Some PAM implementations fatally break unless you set a PAM_TTY. There are differences in how implementations respond to credential (re-)initialisation and operation across different processes. So I think that the recommendation to disable PAM unless you need it is a conservative...

I would like disable password authentication in sshd for particular users, without locking their UNIX password, and without requiring all users to use PubkeyAuthentication. I cannot find a documented way to accomplish this in OpenSSH. Is it currently possible? If not, I think this would be a very useful feature to add. I believe that each user should have some control of which authentication

I think I've seen this come up before, but I couldn't find an answer in the archives. I'm trying to use the PAM "pam_mail.so" module on Linux to set the MAIL environment variable (so I don't have to try to do it in various shell init scripts), but the MAIL setting doesn't get passed through unless I disable PrivilegeSeparation. Is there a way to have PAM set

The denyUsers / AllowUsers option in openSSH does not satisfy our needs. We want to supply our own software to allow/deny sessions based on time of day. I do not know if PAM can do this, but in any case we can not use PAM. ? Did someone do such a change in openSSH code

http://bugzilla.mindrot.org/show_bug.cgi?id=1049 Summary: Variable delay in password logins to fight dictionary attacks Product: Portable OpenSSH Version: 3.8.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=926 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1353 --- Comment #27 from Darren Tucker <dtucker at zip.com.au> 2008-01-01 02:05:40 --- Patch #1216

http://bugzilla.mindrot.org/show_bug.cgi?id=926 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|994 | nThis| | ------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=951 Summary: SSH2 protocol breaks pam chroot auth Product: Portable OpenSSH Version: 3.9p1 Platform: Other URL: --- OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2049 Priority: P5 Bug ID: 2049 Assignee: unassigned-bugs at mindrot.org Summary: Request for a configurable option for SFTP to display login information to the user after a successful login. Severity: enhancement Classification: Unclassified

https://bugzilla.mindrot.org/show_bug.cgi?id=2641 Bug ID: 2641 Summary: Add systemd notify code to to track running server Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: